usage() {
cat <<EOF
-usage: ${0##*/} [-h] [-t 2|test] [-m WIRELESS_MAC]
+usage: ${0##*/} [-h] [-t 2|3|test] [-m WIRELESS_MAC]
setup my router in general: dhcp, dns, etc.
-Type 2 is for setting up a backup device. Type test is for setting up a
-testing device.
+Type 2 or 3 is for setting up a backup device, there are two kinds so
+that you can switch the main device to a backup, then a backup to the
+main. Type test is for setting up a testing device.
Passing an empty string for WIRELESS_MAC will cause the device's native
mac to be used.
}
+
+
dev2=false
test=false
-hostname=wrt
libremanage_host=wrt2
+if [[ -e /p/router-secrets ]]; then
+ source /p/router-secrets
+fi
+rmac=$(cat /sys/class/net/eth0/address)
+if [[ $rhost ]]; then
+ hostname=${rhost[$rmac]}
+fi
+: ${hostname:=wrt}
+
+
lanip=1
while getopts hm:t: opt; do
case $opt in
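Review bot: `if [[ $rhost ]]` guarding the new `hostname=${rhost[$rmac]}` lookup tests only element `0` of `rhost`, so if `/p/router-secrets` declares `rhost` as an associative array keyed by MAC (which the `[$rmac]` subscript suggests) the branch never runs and `hostname` silently falls back to `wrt`; the guard cannot simply be dropped either, because an undeclared `rhost` indexed with `aa:bb:…` is an arithmetic error. `if (( ${#rhost[@]} )); then hostname=${rhost[$rmac]}; fi` handles both the declared and the undeclared case. The `rmac=$(cat /sys/class/net/eth0/address)` read is unchecked, so a missing or renamed interface yields an empty `rmac` and the same silent fallback; `|| exit 1` (or the script's `die`, if it has one) would surface that. The same `[[ $rkey ]]` guard is used before `key=${rkey[$rmac]}` later in the file and has the same problem.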
h) usage ;;
t)
case $2 in
- 2)
+ 2|3)
dev2=true
+ libremanage_host=$hostname
+ ;;&
+ 2)
lanip=4
hostname=wrt2
- libremanage_host=wrt
+ ;;
+ 3)
+ lanip=14
+ hostname=wrt3
;;
test)
test=true
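Review bot: The new `2|3)` arm is dispatched on `$2` (`case $2 in`, the context line above it) instead of `$OPTARG`, so `-t 3` is only recognised when `-t` is the first argument; `-m MAC -t 3` compares against the MAC and takes whatever the default arm does, and the new `3)` branch inherits that. `case $OPTARG in` fixes all three arms at once. The `;;&` fall-through is bash 4+, consistent with the `[[` already used elsewhere. The enclosing getopts loop and its `esac` end outside the hunk.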
macpre=${mac:0: -1}
macsuf=${mac: -1}
+
+p_updated=false
pmirror() {
+ if $p_updated; then
+ return
+ fi
# background: upgrading all packages is not recommended because it
# doesn't go into the firmware. build new firmware if you want
# lots of upgrades. I think /tmp/opkg-lists is a pre openwrt 14 location.
f=(/var/opkg-lists/*)
if ! (( $(date -r $f +%s) + 60*60*24 > $(date +%s) )); then
- opkg update
+ if ! opkg update; then
+ echo "$0: warning: opkg update failed" >&2
+ fi
+ p_updated=true
fi
}
pi() {
- for x in "$@"; do
- if [[ ! $(opkg list-installed "$x") ]]; then
+ to_install=()
+ for p in "$@"; do
+ pname=${p##*/}
+ pname=${pname%%_*}
+ if [[ ! $(opkg list-installed "$pname") ]]; then
+ to_install+=($p)
pmirror
- opkg install "$@"
fi
done
+ if [[ $to_install ]]; then
+ opkg install ${to_install[@]}
+ fi
}
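Review bot: `to_install+=($p)` and `opkg install ${to_install[@]}` are unquoted, so an argument containing a glob character or whitespace is expanded or split before opkg sees it; `to_install+=("$p")` and `opkg install "${to_install[@]}"` keep each package as one word. `pname=${pname%%_*}` cuts at the first underscore, which is right for `name_version_arch.ipk` filenames but would also truncate a bare package name that happens to contain an underscore, so either a comment stating the expected input or a `[[ $p == *.ipk ]]` condition around the strip would make the intent explicit. `[[ $to_install ]]` checks only element 0, which works for an indexed array that is only ever appended to, though `(( ${#to_install[@]} ))` says so directly.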
v() {
####### end uci example #####
uset() {
+ printf "+ uset %s\n" "$*"
local key="$1"
local val="$2"
local service="${key%%.*}"
fi
}
+udel() {
+ printf "+ udel %s\n" "$*"
+ local key="$1"
+ local val="$2"
+ local service="${key%%.*}"
+ restart_var=${service}_restart
+ if [[ ! ${!restart_var} ]]; then
+ eval $restart_var=false
+ fi
+ if uci get "$key" &>/dev/null; then
+ v uci set "$key"="$val"
+ uci commit $service
+ eval $restart_var=true
+ fi
+}
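Review bot: `udel` never deletes anything: after confirming the key exists with `uci get`, it runs `v uci set "$key"="$val"`, with `$val` taken from a `$2` that callers of a delete helper will not pass, so the key is set to an empty string and the service restart flag is raised; the body appears to have been copied from `uset`. The guarded line should be `v uci delete "$key"` and the unused `local val="$2"` dropped. The two `eval $restart_var=…` assignments can be `printf -v "$restart_var" '%s' false` and `'%s' true`, which avoids re-parsing a name derived from the key, and `uci commit $service` should be `uci commit "$service"`.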
+
+
### network config
###
if $test; then
ssid="gnuv3"
lan=10.1.0.0
+elif [[ $hostname == cmc ]]; then
+ ssid=Svenska
+ lan=10.2.0.0
+fi
+
+if [[ $rkey ]]; then
+ key=${rkey[$rmac]}
fi
+: ${key:=pictionary49}
+
mask=255.255.0.0
cidr=16
l=${lan%.0}
# wiki says safe to do in case of fstab changes:
## ian: usb broke on old router. if that happens, can just comment this to disable problems
-echo | cedit /etc/config/fstab ||:
-cedit /etc/config/fstab <<EOF || { v block umount; v block mount; }
+# echo | cedit /etc/config/fstab ||:
+v cedit /etc/config/fstab <<EOF || { v block umount; v block mount; }
config global automount
option from_fstab 1
option anon_mount 1
fi
wireless_restart=false
-key=pictionary49
+
for x in 0 1; do
uset wireless.default_radio$x.ssid "$ssid"
uset wireless.default_radio$x.key $key
firewall_restart=false
v cedit /etc/config/firewall <<EOF || firewall_restart=true
-
config redirect
option name ssh
option src wan
option dest_port 22
config redirect
- option name sshalt
+ option name sshkd
option src wan
- option src_dport 2222
+ option src_dport 2202
option dest_port 22
- option dest_ip $l.3
+ option dest_ip $l.2
option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 2222
+ option dest_port 2202
+config redirect
+ option name sshfrodo
+ option src wan
+ option src_dport 2203
+ option dest_port 22
+ option dest_ip $l.3
+ option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 2220
+ option dest_port 2203
+config redirect
+ option name sshx2
+ option src wan
+ option src_dport 2205
+ option dest_port 22
+ option dest_ip $l.5
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2205
config redirect
+ option name sshx3
option src wan
- option src_dport 443
+ option src_dport 2207
+ option dest_port 22
+ option dest_ip $l.7
option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2207
+
+config redirect
+ option name sshtp
+ option src wan
+ option src_dport 2208
+ option dest_port 22
option dest_ip $l.8
- option proto tcp
+ option dest lan
config rule
option src wan
option target ACCEPT
- option dest_port 443
- option proto tcp
+ option dest_port 2208
+
+
+config rule
+ option name sshwrt
+ option src wan
+ option target ACCEPT
+ option dest_port 2220
+
config redirect
+ option name vpntp
option src wan
option src_dport 1196
option dest lan
config redirect
+ option name httptp
option src wan
option src_dport 80
option dest lan
option dest_port 80
option proto tcp
+config redirect
+ option name httpstp
+ option src wan
+ option src_dport 443
+ option dest lan
+ option dest_ip $l.8
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 443
+ option proto tcp
+
config redirect
option name syncthing
option src wan
option target ACCEPT
option family ipv6
+config rule
+ option name http-ipv6
+ option src wan
+ option dest lan
+ option dest_port 80
+ option target ACCEPT
+ option family ipv6
config rule
- option name mail-ipv6
+ option name https-ipv6
option src wan
option dest lan
- option dest_port 25
+ option dest_port 443
option target ACCEPT
option family ipv6
+config rule
+ option name node-exporter
+ option src wan
+ option dest lan
+ option dest_port 9101
+ option target ACCEPT
+ option family ipv6
+
+config rule
+ option name mail587-ipv6
+ option src wan
+ option dest lan
+ option dest_port 587
+ option target ACCEPT
+ option family ipv6
+
+
EOF
dnsmasq_restart=false
v cedit /etc/hosts <<EOF || dnsmasq_restart=true
-127.0.1.1 wrt
-$l.1 wrt
+127.0.1.1 $hostname
+$l.1 $hostname
$l.2 kd
$l.3 frodo
$l.4 wrt2
$l.5 x2
$l.6 demohost
-$l.7 x3
+#$l.7 x3
$l.8 tp b8.nz faiserver
$l.9 bb8
+$l.14 wrt3
+2600:3c00::f03c:91ff:fe6d:baf8 li
72.14.176.105 li
+2a01:7e01::f03c:91ff:feb5:baec l2
+172.105.84.95 l2
# netns creation looks for next free subnet starting at 10.173, but I only
# use one, and I would keep this one as the first created.
# fi
-# avoid using the dns servers that my isp tells me about.
-if [[ $(uci get dhcp.@dnsmasq[0].resolvfile 2>/dev/null) ]]; then
- # default is '/tmp/resolv.conf.auto', we switch to the dnsmasq default of
- # /etc/resolv.conf. not sure why I did this.
- v uci delete dhcp.@dnsmasq[0].resolvfile
- uci commit dhcp
- dnsmasq_restart=true
-fi
-
uset dhcp.@dnsmasq[0].domain b8.nz
uset dhcp.@dnsmasq[0].local /b8.nz/
uset system.@system[0].hostname $hostname
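Review bot: The new ssh redirects (`sshfrodo`, `sshx2`, `sshx3`, `sshtp`) in the firewall heredoc carry no `option proto`, so like the existing `ssh`/`sshkd` entries they take OpenWrt's redirect default of tcp+udp and forward UDP on 2203/2205/2207/2208 to the LAN hosts as well; `option proto tcp` on each keeps the forwarded surface to what sshd actually listens on, as `httptp`/`httpstp` already do. The accompanying `config rule … option dest_port NNNN` entries have `option src wan` but no `option dest`, which in the uci firewall makes them INPUT rules for the router itself rather than forward rules for the DNAT target, so they open those ports on the router; if I read that correctly they are either redundant (a redirect gets its own forward accept) or unintended, and a one-line comment stating which would help. Separately, `/etc/hosts` now comments out `$l.7 x3` while `sshx3` still forwards to `$l.7`, which deserves a comment so the two stay in step.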
# to start.
mkdir -p /mnt/usb/tftpboot
v cedit /etc/dnsmasq.conf <<EOF || dnsmasq_restart=true
+server=/dmarctest.b8.nz/#
+server=/_domainkey.b8.nz/#
+server=/_dmarc.b8.nz/#
+server=/ns1.b8.nz/#
+server=/ns2.b8.nz/#
+mx-host=b8.nz,mail.iankelling.org,10
+txt-record=b8.nz,"v=spf1 a ?all"
+
# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
stop-dns-rebind
uset network.lan.ipaddr $l.$lanip
uset network.lan.netmask $mask
-uset dhcp.wan.ignore $dev2 # default is false
-uset dhcp.lan.ignore $dev2 # default is false
if $dev2; then
uset network.lan.gateway $l.1
uset network.wan.proto none
uset network.wan6.proto none
+ /etc/init.d/dnsmasq stop
+ /etc/init.d/dnsmasq disable
+ /etc/init.d/odhcpd stop
+ /etc/init.d/odhcpd disable
+ # things i tried to keep dnsmasq running but not enabled except local dns,
+ # but it didnt work right and i dont need it anyways.
+ # uset dhcp.wan.ignore $dev2 # default is false
+ # uset dhcp.lan.ignore $dev2 # default is false
+ # uset dhcp.@dnsmasq[0].interface lo
+ # uset dhcp.@dnsmasq[0].localuse 0
+ # uset dhcp.@dnsmasq[0].resolvfile /etc/dnsmasq.conf
+ # uset dhcp.@dnsmasq[0].noresolv 1
+ # todo: populate /etc/resolv.conf with a static value
+
else
# these are the defaults
uset network.lan.gateway ''
uset network.wan.proto dhcp
uset network.wan6.proto dhcpv6
+ /etc/init.d/dnsmasq start
+ # todo: figure out why this returns 1
+ /etc/init.d/dnsmasq enable ||:
+ /etc/init.d/odhcpd start
+ /etc/init.d/odhcpd enable
fi